The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.
For a list of other such plugins, see the Pipeline Steps Reference page.
multiSwarm
credential : String
charset : String
(optional)
format : String
(optional)
excludes : String
(optional)
A regular expression to exclude matching branch names with in the Swarm project
filter
(optional)
latest
latestChange : boolean
pathFilter
path : String
Changes can be filtered to not trigger a build; if all the files within a change match the specified path, the build is filtered.
For example, with a Filter of " //depot/main/tests
":
Case A (change will be filtered):
Files:
//depot/main/tests/index.xml
//depot/main/tests/001/test.xml
//depot/main/tests/002/test.xml
Case B (change will not be filtered, as build.xml is outside of the filter):
Files:
//depot/main/src/build.xml
//depot/main/tests/004/test.xml
//depot/main/tests/005/test.xml
This is not Perforce syntax. Use of ... and * patterns are not supported. Only paths to directories are supported.
viewPattern
patternText : String
Changes can be filtered to not trigger a build; if none of the files within a change match a Java pattern (regular expression) listed, the build is filtered.
For example, with the following regular expressions: //depot/main/tests.*
//depot/main/src/.*\.cpp
//depot/main/build/.*(?:\.rb|\.py|\.bat|Jenkinsfile)
//depot/main/lib/(?!Lib1|Lib2).*
Case A (change will not be filtered, as these files match our first pattern on "tests"):
Files:
//depot/main/tests/CONTRIUBTING.md
//depot/main/tests/001/index.xml
Case B (Be careful with incomplete file paths! Change will NOT be filtered,
as this file matches a pattern which was likely intended as describing a "tests/" directory.)
Files:
//depot/main/tests.doc
Case C (change will NOT be filtered, as all files match our fourth pattern looking for script files in 'build/'):
Files:
//depot/main/build/rbs/deploy_server.rb
//depot/main/build/deploy/deploy.bat
//depot/main/build/Jenkinsfile
Case D (change will be filtered, as no file matches our second pattern for ".cpp" files under "main/src"):
Files:
//depot/main/src/howto.doc
//depot/main/src/oldmain.c
//depot/main/src/art/splash.bmp
//depot/main/src/bt/funnelcake.php
Case E (change will be filtered. Lib1 is included in a negative lookahead, and thus is excluded.)
Files:
//depot/main/lib/Lib1/build.xml
caseSensitive : boolean
incremental
perChange : boolean
When enabled, only the one, oldest changelist returned by polling is built.
If P4_INCREMENTAL
environment variable (or build parameter) is set to "false", polling per change is ignored and all changelists are built.
userFilter
user : String
Changes can be filtered to not trigger a build; if the owner of a change matches the specified name, the build is filtered.
viewFilter
viewMask : String
Changes can be filtered to not trigger a build; if none of the files within a change are contained in the view mask, the build is filtered.
For example, with a View Mask Filter of: //depot/main/tests
-//depot/main/tests/001
Case A (change will not be filtered, as index.xml is in the view mask):
Files:
//depot/main/tests/index.xml
//depot/main/tests/001/test.xml
Case B (change will not be filtered, as index.xml is in the view mask):
Files:
//depot/main/test/index.xml
//depot/main/src/build.xml
Case C (change will be filtered, as no file is in the view mask):
Files:
//depot/main/src/build.xml
Case D (change will be filtered, as no file is in the view mask):
Files:
//depot/main/src/build.xml
//depot/main/tests/001/test.xml
id : String
(optional)
includes : String
(optional)
populate
(optional)
autoClean
replace : boolean
Perforce will check out and overwrite any depot files which are either missing from workspace, or have been modified locally.
delete : boolean
Perforce will delete any local files that are not in the depot.
tidy : boolean
modtime : boolean
quiet : boolean
Enables the -q flag for all applicable Perforce operations. Summary details will still be displayed.
pin : String
When a build is triggered by Polling, Build Now or an external Action, the workspace will sync only to the specified label. Any other specified change or label will be ignored.
Supports variable expansion e.g. ${VAR}. If 'now' is used, or a variable that expands to 'now', then the latest change is used (within the scope of the workspace view).
parallel
enable : boolean
path : String
threads : String
minfiles : String
minbytes : String
previewOnly
quiet : boolean
Enables the -q flag for all applicable Perforce operations. Summary details will still be displayed.
pin : String
flushOnly
quiet : boolean
pin : String
When a build is triggered by Polling, Build Now or an external Action, the workspace will flush only to the specified label or changelist number. Any other specified change or label will be ignored.
Supports variable expansion e.g. ${VAR}. If 'now' is used, or a variable that expands to 'now', then the latest change is used (within the scope of the workspace view).
forceClean
have : boolean
quiet : boolean
Enables the -q flag for all applicable Perforce operations. Summary details will still be displayed.
pin : String
When a build is triggered by Polling, Build Now or an external Action, the workspace will sync only to the specified label. Any other specified change or label will be ignored.
Supports variable expansion e.g. ${VAR}. If 'now' is used, or a variable that expands to 'now', then the latest change is used (within the scope of the workspace view).
parallel
enable : boolean
path : String
threads : String
minfiles : String
minbytes : String
graphClean
quiet : boolean
Enables the -q flag for all applicable Perforce operations. Summary details will still be displayed.
pin : String
When a build is triggered by Polling, Build Now or an external Action, the workspace will sync only to the specified label. Any other specified change or label will be ignored.
Supports variable expansion e.g. ${VAR}. If 'now' is used, or a variable that expands to 'now', then the latest change is used (within the scope of the workspace view).
parallel
enable : boolean
path : String
threads : String
minfiles : String
minbytes : String
syncOnly
revert : boolean
have : boolean
force : boolean
modtime : boolean
quiet : boolean
Enables the -q flag for all applicable Perforce operations. Summary details will still be displayed.
pin : String
When a build is triggered by Polling, Build Now or an external Action, the workspace will sync only to the specified label. Any other specified change or label will be ignored.
Supports variable expansion e.g. ${VAR}. If 'now' is used, or a variable that expands to 'now', then the latest change is used (within the scope of the workspace view).
parallel
enable : boolean
path : String
threads : String
minfiles : String
minbytes : String
project : String
(optional)
traits
(optional)
$class: 'ApprovedPullRequestTrait'
strategyId : int
authorInChangelog
bitbucketAgedRefsTrait
retentionDays : String
bitbucketBranchCommitSkipTrait
bitbucketBuildStatusNotifications
disableNotificationForNotBuildJobs : boolean
(optional)
sendSuccessNotificationForUnstableBuild : boolean
(optional)
bitbucketCommitSkipTrait
$class: 'BitbucketJiraValidatorTrait'
jiraServerIdx : int
buildStatusNameCustomPart
buildStatusNameCustomPart : String
(optional)
buildStatusNameOverwrite : boolean
(optional)
ignoreTypeInStatusName : boolean
(optional)
$class: 'ChangeDiscoveryTrait'
queryString : String
Provide an additional query string to search for open changes. The status:open is implicitly added and does not need to be specified. See Gerrit search operators documentation for a detailed list of the supported search operators.
-is:wipdoes not include work-in-progress changes
is:privateincludes private changes
checkoutOption
extension
timeout : int
cleanAfterCheckout
extension
.gitignore
. It also resets all tracked files to their versioned state. This ensures that the workspace is in the same state as if you cloned and checked out in a brand-new empty directory, and ensures that your build is not affected by the files generated by the previous build.
deleteUntrackedNestedRepositories : boolean
(optional)
.git
directories.
cleanBeforeCheckout
extension
.gitignore
. It also resets all tracked files to their versioned state. This ensures that the workspace is in the same state as if you cloned and checked out in a brand-new empty directory, and ensures that your build is not affected by the files generated by the previous build.
deleteUntrackedNestedRepositories : boolean
(optional)
.git
directories.
$class: 'CleanMercurialSCMSourceTrait'
cloneOption
extension
shallow : boolean
noTags : boolean
reference : String
timeout : int
depth : int
(optional)
honorRefspec : boolean
(optional)
$class: 'DisableStatusUpdateTrait'
discoverOtherRefs
ref : String
The pattern under /refs on the remote repository to discover, can contain a wildcard.
Example: test/*/merged
nameMapping : String
(optional)
Mapping for how the ref can be named in for example the @Library
.
Example: test-@{1}
Where @{1} replaces the first wildcard in the ref when discovered.
By default it will be "namespace_before_wildcard-@{1}". E.g. if ref is "test/*/merged" the default mapping would be "test-@{1}".
$class: 'FilterChecksTrait'
queryOperator
ID
, SCHEME
queryString : String
gitLabForkDiscovery
strategyId : int
trust
One of the great powers of merge requests is that anyone with read access to a project can fork it, commit some changes to their fork and then create a merge request against the original project with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile
may contain configuration details to sandbox merge requests in order to mitigate against malicious merge requests. In order to protect against a malicious merge request itself modifying the Jenkinsfile
to remove the protections, you can define the trust policy for merge requests from forks.
Other plugins can extend the available trust policies. The default policies are:
Jenkinsfile
) the contents of that file will be retrieved from the target branch on the origin project and not from the merge request branch on the fork project.
Nobody
.
jenkins.scm.api.trait.SCMHeadAuthority<? super io.jenkins.plugins.gitlabbranchsource.GitLabSCMSourceRequest, ? extends jenkins.scm.api.mixin.ChangeRequestSCMHead2, ? extends jenkins.scm.api.SCMRevision>
buildMRForksNotMirror : boolean
(optional)
browser
browser
assembla
repoUrl : String
$class: 'BacklogGitRepositoryBrowser'
repoName : String
repoUrl : String
bitbucketServer
repoUrl : String
bitbucket
repoUrl : String
cgit
repoUrl : String
fisheye
repoUrl : String
gitblit
repoUrl : String
projectName : String
$class: 'GitBucketBrowser'
url : String
gitLab
repoUrl : String
version : String
(optional)
$class: 'GitLabBrowser'
https://gitLab.example.com
then the URL for bob's skunkworks project might be https://gitLab.example.com/bob/skunkworks
.
projectUrl : String
https://gitLab.example.com
then the URL for bob's skunkworks project might be https://gitLab.example.com/bob/skunkworks
gitList
repoUrl : String
gitWeb
repoUrl : String
$class: 'GiteaBrowser'
repoUrl : String
https://gitea.example.com
then the URL for bob's skunkworks project repository might be https://gitea.example.com/bob/skunkworks
github
repoUrl : String
gitiles
repoUrl : String
$class: 'GitoriousWeb'
repoUrl : String
gogs
repoUrl : String
kiln
repoUrl : String
phabricator
repoUrl : String
repo : String
redmine
repoUrl : String
rhodeCode
repoUrl : String
$class: 'ScmManagerGitRepositoryBrowser'
repoUrl : String
$class: 'Stash'
repoUrl : String
teamFoundation
repoUrl : String
If TFS is also used as the repository server, this can usually be left blank.
$class: 'TracGitRepositoryBrowser'
$class: 'TuleapBrowser'
repositoryUrl : String
viewgit
repoUrl : String
projectName : String
gitHubAgedRefsTrait
retentionDays : String
gitHubBranchCommitSkipTrait
gitHubCommitSkipTrait
$class: 'GitHubJiraValidatorTrait'
jiraServerIdx : int
gitHubSourceChecks
verboseConsoleLog : boolean
(optional)
gitHubStatusChecks
name : String
(optional)
skip : boolean
(optional)
skipNotifications : boolean
(optional)
skipProgressUpdates : boolean
(optional)
suppressLogs : boolean
(optional)
unstableBuildNeutral : boolean
(optional)
lfs
gitlabAvatar
disableProjectAvatar : boolean
(optional)
gitlabSkipNotifications
gitTool
gitTool : String
$class: 'HookRegistrationTrait'
webHookMode : String
systemHookMode : String
gitHubIgnoreDraftPullRequestFilter
ignoreOnPush
jervisFilter
This will look at the root of a GitHub reference for .jervis.yml for the branches and tags filtering. You can customize the name of the YAML file searched for if you like.
For Tags:
For Branches:
branches:
only:
- main
By default Jervis will generate Jenkins jobs for all branches that have a .jervis.yml file. You can control and limit this behavior by specifying the branches or tags key in your .jervis.yml.
You can either create an allow list of branches (only) or a block list of branches (except) to be built.
# block branches from building
branches:
except:
- legacy
- experimental
# allow only these branches
branches:
only:
- main
- stable
The same YAML can be applied to tags.
# block tags from building
tags:
except:
- .*-rc
- .*-beta
# allow only these tags
tags:
only:
- v[.0-9]+
If you specify both only and except, then except will be ignored. .jervis.yml needs to be present on all branches you want to be built. .jervis.yml will be interpreted in the context of that branch so if you specify an allow list in your main branch, then it will not propagate to other branches.
You can use regular expressions to allow or block branches:
branches:
only:
- main
- /^[.0-9]+-hotfix$/
Any name surrounded with / in the list of branches is treated as a regular expression. The expression will use Pattern.compile to compile the regex string into a Groovy regular expression.
yamlFileName : String
The filename which will be read from GitHub to determine if a Jenkins branch, tag, or pull request should be built. Provide a comma separated list of paths to YAML files in a repository and it will check each path as a fallback.
For example, set the value to: .jervis.yml, .ci/jervis.yml and this plugin will first check for valid YAML in .jervis.yml. If no YAML exists, then it will fall back to checking .ci/jervis.yml.
localBranch
logComment
logSuccess : boolean
(optional)
sudoUser : String
(optional)
$class: 'MercurialBrowserSCMSourceTrait'
browser
$class: 'FishEye'
url : String
$class: 'GoogleCode'
url : String
$class: 'HgWeb'
url : String
$class: 'Kallithea'
url : String
$class: 'KilnHG'
url : String
$class: 'RhodeCode'
url : String
$class: 'RhodeCodeLegacy'
url : String
$class: 'ScmManager'
url : String
http://YOURSCMMANAGER/scm/repo/NAMESPACE/NAME/
).
$class: 'MercurialInstallationSCMSourceTrait'
installation : String
multiBranchProjectDisplayNaming
displayNamingStrategy
Job display name with fallback to name:
Uses the branch source plugin's display name for the PR instead of the raw name
Value for configuration-as-code: OBJECT_DISPLAY_NAME
Name and, if available, display name:
Joins the raw name and the branch source plugin's display name
Value for configuration-as-code: RAW_AND_OBJECT_DISPLAY_NAME
OBJECT_DISPLAY_NAME
, RAW_AND_OBJECT_DISPLAY_NAME
$class: 'NotificationContextTrait'
contextLabel : String
typeSuffix : boolean
Appends the relevant suffix to the context label based on the build type. '/pr-merge', '/pr-head' or '/branch'
gitLabOriginDiscovery
strategyId : int
$class: 'PathBasedPullRequestFilterTrait'
inclusionField : String
exclusionField : String
$class: 'PreBuildMergeTrait'
extension
options
mergeTarget : String
master
.
fastForwardMode
(optional)
FF
, FF_ONLY
, NO_FF
mergeRemote : String
(optional)
origin
, that contains the branch you specify below. If left blank, it'll default to the name of the first repository configured above.
mergeStrategy
(optional)
DEFAULT
, RESOLVE
, RECURSIVE
, OCTOPUS
, OURS
, SUBTREE
, RECURSIVE_THEIRS
$class: 'PretestedIntegrationSCMTrait'
extension
gitIntegrationStrategy
accumulated
shortCommitMessage : boolean
(optional)
ffonly
shortCommitMessage : boolean
(optional)
squash
integrationBranch : String
The branch name must match your integration branch name. No trailing slash.
git checkout -B <Branch name> <Repository name>/<Branch name> git merge --squash <Branch matched by git> git commit -C <Branch matched by git>
git checkout -B <Branch name> <Repository name>/<Branch name> git merge -m <commitMsg> <Branch matched by git> --no-ff
Changes are only ever pushed when the build results is SUCCESS
git push <Repository name> <Branch name>
repoName : String
The repository name. In git the repository is always the name of the remote. So if you have specified a repository name in your Git configuration. You need to specify the exact same name here, otherwise no integration will be performed. We do the merge based on this.
No trailing slash on repository name.
Remember to specify this when working with NAMED repositories in Git
pruneStaleBranch
pruneStaleTag
bitbucketPublicRepoPullRequestFilter
$class: 'PullRequestDiscoveryTrait'
excludeBranchesWithPRs : boolean
$class: 'PullRequestLabelsBlackListFilterTrait'
labels : String
$class: 'PullRequestLabelsMatchAllFilterTrait'
labels : String
$class: 'PullRequestLabelsMatchAnyFilterTrait'
labels : String
$class: 'PullRequestNameFilterTrait'
strategyId : int
phrase : String
ignoreCase : boolean
regex : boolean
$class: 'PullRequestSourceBranchFilterTrait'
strategyId : int
phrase : String
ignoreCase : boolean
regex : boolean
$class: 'PullRequestTargetBranchFilterTrait'
strategyId : int
phrase : String
ignoreCase : boolean
regex : boolean
refSpecs
templates
value : String
@{remote}
will be replaced by the remote name (which defaults to origin
) before use.
headRegexFilterWithPRFromOrigin
regex : String
tagRegex : String
remoteName
remoteName : String
$class: 'ScmManagerBranchDiscoveryTrait'
sparseCheckoutPaths
extension
Specify the paths that you'd like to sparse checkout. This may be used for saving space (Think about a reference repository). Be sure to use a recent version of Git, at least above 1.7.10
sparseCheckoutPaths
path : String
submoduleOption
extension
depth : int
(optional)
disableSubmodules : boolean
(optional)
parentCredentials : boolean
(optional)
recursiveSubmodules : boolean
(optional)
reference : String
(optional)
git init --bare git remote add SubProject1 https://gitrepo.com/subproject1 git remote add SubProject2 https://gitrepo.com/subproject2 git fetch --all
shallow : boolean
(optional)
threads : int
(optional)
timeout : int
(optional)
trackingSubmodules : boolean
(optional)
mrTriggerComment
commentBody : String
onlyTrustedMembersCanTrigger : boolean
tuleapBranchDiscovery
tuleapNotifyPullRequest
tuleapForkPullRequestDiscovery
tuleapPullRequestDiscovery
userIdentity
extension
name : String
If given, "GIT_COMMITTER_NAME=[this]" and "GIT_AUTHOR_NAME=[this]" are set for builds. This overrides whatever is in the global settings.
email : String
If given, "GIT_COMMITTER_EMAIL=[this]" and "GIT_AUTHOR_EMAIL=[this]" are set for builds. This overrides whatever is in the global settings.
bitbucketWebhookConfiguration
Sets the value for committersToIgnore in the Bitbucket Webhook. Value should be a comma separated string.
committerToIgnore is used to prevent triggering Jenkins builds when commits by certain users are made.
committersToIgnore : String
WebhookListenerBuildConditionsTrait
alwaysBuildMROpen : boolean
(optional)
alwaysBuildMRReOpen : boolean
(optional)
alwaysIgnoreMRApproval : boolean
(optional)
alwaysIgnoreMRApproved : boolean
(optional)
alwaysIgnoreMRUnApproval : boolean
(optional)
alwaysIgnoreMRUnApproved : boolean
(optional)
alwaysIgnoreMRWorkInProgress : boolean
(optional)
alwaysIgnoreNonCodeRelatedUpdates : boolean
(optional)
headWildcardFilterWithPRFromOrigin
includes : String
*
as a wildcard; for example: master release*
excludes : String
release
tagIncludes : String
*
as a wildcard; for example: *-1.*
to build only 1.0 tags from the maven release plugin.
tagExcludes : String
*-0.*
$class: 'WipeWorkspaceTrait'
bitbucketBranchDiscovery
strategyId : int
bitbucketForkDiscovery
strategyId : int
trust
One of the great powers of pull requests is that anyone with read access to a repository can fork it, commit some changes to their fork and then create a pull request against the original repository with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile
may contain configuration details to sandbox pull requests in order to mitigate against malicious pull requests. In order to protect against a malicious pull request itself modifying the Jenkinsfile
to remove the protections, you can define the trust policy for pull requests from forks.
Other plugins can extend the available trust policies. The default policies are:
Jenkinsfile
) the contents of that file will be retrieved from the target branch on the origin repository and not from the pull request branch on the fork repository.
jenkins.scm.api.trait.SCMHeadAuthority<? super com.cloudbees.jenkins.plugins.bitbucket.BitbucketSCMSourceRequest, ? extends jenkins.scm.api.mixin.ChangeRequestSCMHead2, ? extends jenkins.scm.api.SCMRevision>
bitbucketPullRequestDiscovery
strategyId : int
bitbucketSshCheckout
https://
protocol for the Git repository.
This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh://
protocol.
credentialsId : String
It must be a SSH key based credential.
bitbucketTagDiscovery
bitbucketWebhookRegistration
Overrides the defaults for webhook management.
Webhooks are used to inform Jenkins about changes to repositories. There are two ways webhooks can be configured:
The Manage Jenkins » Configure Jenkins › Bitbucket Endpoints allows defining the list of servers. Each server can be associated with credentials. If credentials are defined then the default behaviour is to use those credentials to automatically manage the webhooks of all repositories that Jenkins is interested in. If no credentials are defined then the default behaviour is to require the user to manually configure webhooks.
mode : String
$class: 'com.cloudogu.scmmanager.scm.BranchDiscoveryTrait'
$class: 'com.cloudogu.scmmanager.scm.TagDiscoveryTrait'
dagshubBranchDiscovery
$class: 'io.jenkins.plugins.dagshubbranchsource.traits.ForkPullRequestDiscoveryTrait'
buildOnPullHead : boolean
(optional)
$class: 'io.jenkins.plugins.dagshubbranchsource.traits.OriginPullRequestDiscoveryTrait'
buildOnPullHead : boolean
(optional)
dagshubTagDiscovery
gitLabBranchDiscovery
strategyId : int
$class: 'io.jenkins.plugins.gitlabbranchsource.SSHCheckoutTrait'
https://
protocol for the Git repository.
This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh://
protocol.
credentialsId : String
gitLabTagDiscovery
gitBranchDiscovery
gitTagDiscovery
headRegexFilter
regex : String
headWildcardFilter
includes : String
*
as a wildcard; for example: master release*
excludes : String
release alpha-* beta-*
headRegexFilterWithPR
regex : String
tagRegex : String
headWildcardFilterWithPR
includes : String
*
as a wildcard; for example: master release*
excludes : String
release
tagIncludes : String
*
as a wildcard; for example: *-1.*
to build only 1.0 tags from the maven release plugin.
tagExcludes : String
*-0.*
giteaBranchDiscovery
strategyId : int
giteaForkDiscovery
strategyId : int
trust
One of the great powers of pull requests is that anyone with read access to a repository can fork it, commit some changes to their fork and then create a pull request against the original repository with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile
may contain configuration details to sandbox pull requests in order to mitigate against malicious pull requests. In order to protect against a malicious pull request itself modifying the Jenkinsfile
to remove the protections, you can define the trust policy for pull requests from forks.
Other plugins can extend the available trust policies. The default policies are:
Jenkinsfile
) the contents of that file will be retrieved from the target branch on the origin repository and not from the pull request branch on the fork repository.
Nobody
.
gitLabTrustMembers
bitbucketTrustTeam
bitbucketTrustEveryone
bitbucketTrustNobody
gitLabTrustEveryone
gitLabTrustNobody
gitLabTrustPermissions
giteaTrustContributors
giteaTrustEveryone
giteaTrustNobody
gitHubTrustContributors
gitHubTrustEveryone
gitHubTrustNobody
gitHubTrustPermissions
giteaPullRequestDiscovery
strategyId : int
giteaSSHCheckout
https://
protocol for the Git repository.
This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh://
protocol.
credentialsId : String
giteaTagDiscovery
giteaWebhookRegistration
Overrides the defaults for webhook management.
Webhooks are used to inform Jenkins about changes to repositories. There are two ways webhooks can be configured:
The Manage Jenkins » Configure System › Gitea Server allows defining the list of servers. Each server can be associated with credentials. If credentials are defined then the default behaviour is to use those credentials to automatically manage the webhooks of all repositories that Jenkins is interested in. If no credentials are defined then the default behaviour is to require the user to manually configure webhooks.
mode : String
gitHubBranchDiscovery
strategyId : int
env.GIT_BRANCH
will be set to the branch name rather than PR-#
. Also, status notifications for these builds will only be applied to the commit and not to the pull request.
gitHubForkDiscovery
strategyId : int
trust
One of the great powers of pull requests is that anyone with read access to a repository can fork it, commit some changes to their fork and then create a pull request against the original repository with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile
may contain configuration details to sandbox pull requests in order to mitigate against malicious pull requests. In order to protect against a malicious pull request itself modifying the Jenkinsfile
to remove the protections, you can define the trust policy for pull requests from forks.
Other plugins can extend the available trust policies. The default policies are:
Jenkinsfile
) the contents of that file will be retrieved from the target branch on the origin repository and not from the pull request branch on the fork repository.
Nobody
. NOTE: all collaborators are trusted, even if they are only members of a team with read permission.
jenkins.scm.api.trait.SCMHeadAuthority<? super org.jenkinsci.plugins.github_branch_source.GitHubSCMSourceRequest, ? extends jenkins.scm.api.mixin.ChangeRequestSCMHead2, ? extends jenkins.scm.api.SCMRevision>
gitHubPullRequestDiscovery
strategyId : int
gitHubSshCheckout
https://
protocol for the Git repository.
This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh://
protocol.
credentialsId : String
gitHubTagDiscovery
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.